Posted to commits@hive.apache.org by th...@apache.org on 2014/09/29 06:41:15 UTC

svn commit: r1628114 - in /hive/trunk/ql/src/test: queries/clientnegative/ queries/clientpositive/ results/clientnegative/ results/clientpositive/

Author: thejas
Date: Mon Sep 29 04:41:14 2014
New Revision: 1628114

URL: http://svn.apache.org/r1628114
Log:
HIVE-8279 : sql std auth - additional test cases (Thejas Nair, reviewed by Jason Dere)

Added:
    hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q
    hive/trunk/ql/src/test/queries/clientnegative/authorization_show_columns.q
    hive/trunk/ql/src/test/queries/clientpositive/authorization_grant_option_role.q
    hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab2.q.out
    hive/trunk/ql/src/test/results/clientnegative/authorization_show_columns.q.out
    hive/trunk/ql/src/test/results/clientpositive/authorization_grant_option_role.q.out

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q?rev=1628114&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_not_owner_drop_tab2.q Mon Sep 29 04:41:14 2014
@@ -0,0 +1,14 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+set user.name=user1;
+
+create database db1;
+use db1;
+-- check if create table fails as different user. use db.table sytax
+create table t1(i int);
+use default;
+
+set user.name=user2;
+drop table db1.t1;

Added: hive/trunk/ql/src/test/queries/clientnegative/authorization_show_columns.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientnegative/authorization_show_columns.q?rev=1628114&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientnegative/authorization_show_columns.q (added)
+++ hive/trunk/ql/src/test/queries/clientnegative/authorization_show_columns.q Mon Sep 29 04:41:14 2014
@@ -0,0 +1,13 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+set hive.security.authorization.enabled=true;
+
+create database db1;
+use db1;
+-- check query without select privilege fails
+create table t1(i int);
+
+set user.name=user1;
+show columns in t1;
+
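Review bot: The table owner is implicit in this test: no `set user.name` precedes `create database db1;`, so the denial for user1 depends on the harness default user being someone other than user1. The sibling authorization_not_owner_drop_tab2.q sets the creating user explicitly; doing the same here (for example `set user.name=user2;` before the create statements) makes the owner/non-owner split visible in the file. The comment `-- check query without select privilege fails` also sits above `create table t1(i int);` instead of the statement under test; it would read better directly above `show columns in t1;`.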

Added: hive/trunk/ql/src/test/queries/clientpositive/authorization_grant_option_role.q
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/queries/clientpositive/authorization_grant_option_role.q?rev=1628114&view=auto
==============================================================================
--- hive/trunk/ql/src/test/queries/clientpositive/authorization_grant_option_role.q (added)
+++ hive/trunk/ql/src/test/queries/clientpositive/authorization_grant_option_role.q Mon Sep 29 04:41:14 2014
@@ -0,0 +1,28 @@
+set hive.test.authz.sstd.hs2.mode=true;
+set hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactoryForTest;
+set hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateConfigUserAuthenticator;
+
+set user.name=hive_admin_user;
+set role admin;
+create role r1;
+grant role r1 to user r1user;
+
+set user.name=user1;
+CREATE TABLE  t1(i int);
+
+-- all privileges should have been set for user
+
+GRANT ALL ON t1 TO ROLE r1 WITH GRANT OPTION;
+
+set user.name=r1user;
+-- check if user belong to role r1 can grant privileges to others
+GRANT ALL ON t1 TO USER user3;
+
+set user.name=hive_admin_user;
+set role admin;
+-- check privileges on table
+show grant on table t1;
+
+-- check if drop role removes privileges for that role
+drop role r1;
+show grant on table t1;
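Review bot: The second `show grant on table t1;` is described only as `-- check if drop role removes privileges for that role`, but the expected output also pins that the privileges r1user granted to user3 through r1's grant option remain after `drop role r1;`. If that non-cascading behaviour is intended, state it in the test so a later change to it is a deliberate decision, for example `-- drop role removes the role's own grants; grants made to user3 via the role's grant option are expected to remain`. The earlier comment `-- all privileges should have been set for user` could also say that user1 is the table owner and is granting to role r1. This file omits `set hive.security.authorization.enabled=true;`, which the other two new tests set; it is worth confirming the grant-option check is still exercised without it.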

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab2.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab2.q.out?rev=1628114&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab2.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_not_owner_drop_tab2.q.out Mon Sep 29 04:41:14 2014
@@ -0,0 +1,29 @@
+PREHOOK: query: create database db1
+PREHOOK: type: CREATEDATABASE
+PREHOOK: Output: database:db1
+POSTHOOK: query: create database db1
+POSTHOOK: type: CREATEDATABASE
+POSTHOOK: Output: database:db1
+PREHOOK: query: use db1
+PREHOOK: type: SWITCHDATABASE
+PREHOOK: Input: database:db1
+POSTHOOK: query: use db1
+POSTHOOK: type: SWITCHDATABASE
+POSTHOOK: Input: database:db1
+PREHOOK: query: -- check if create table fails as different user. use db.table sytax
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:db1
+PREHOOK: Output: db1@t1
+POSTHOOK: query: -- check if create table fails as different user. use db.table sytax
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:db1
+POSTHOOK: Output: db1@t1
+PREHOOK: query: use default
+PREHOOK: type: SWITCHDATABASE
+PREHOOK: Input: database:default
+POSTHOOK: query: use default
+POSTHOOK: type: SWITCHDATABASE
+POSTHOOK: Input: database:default
+FAILED: HiveAccessControlException Permission denied: Principal [name=user2, type=USER] does not have following privileges for operation DROPTABLE [[OBJECT OWNERSHIP] on Object [type=TABLE_OR_VIEW, name=db1.t1]]

Added: hive/trunk/ql/src/test/results/clientnegative/authorization_show_columns.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientnegative/authorization_show_columns.q.out?rev=1628114&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientnegative/authorization_show_columns.q.out (added)
+++ hive/trunk/ql/src/test/results/clientnegative/authorization_show_columns.q.out Mon Sep 29 04:41:14 2014
@@ -0,0 +1,23 @@
+PREHOOK: query: create database db1
+PREHOOK: type: CREATEDATABASE
+PREHOOK: Output: database:db1
+POSTHOOK: query: create database db1
+POSTHOOK: type: CREATEDATABASE
+POSTHOOK: Output: database:db1
+PREHOOK: query: use db1
+PREHOOK: type: SWITCHDATABASE
+PREHOOK: Input: database:db1
+POSTHOOK: query: use db1
+POSTHOOK: type: SWITCHDATABASE
+POSTHOOK: Input: database:db1
+PREHOOK: query: -- check query without select privilege fails
+create table t1(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:db1
+PREHOOK: Output: db1@t1
+POSTHOOK: query: -- check query without select privilege fails
+create table t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:db1
+POSTHOOK: Output: db1@t1
+FAILED: HiveAccessControlException Permission denied: Principal [name=user1, type=USER] does not have following privileges for operation SHOWCOLUMNS [[SELECT] on Object [type=TABLE_OR_VIEW, name=db1.t1]]

Added: hive/trunk/ql/src/test/results/clientpositive/authorization_grant_option_role.q.out
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/test/results/clientpositive/authorization_grant_option_role.q.out?rev=1628114&view=auto
==============================================================================
--- hive/trunk/ql/src/test/results/clientpositive/authorization_grant_option_role.q.out (added)
+++ hive/trunk/ql/src/test/results/clientpositive/authorization_grant_option_role.q.out Mon Sep 29 04:41:14 2014
@@ -0,0 +1,78 @@
+PREHOOK: query: set role admin
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: set role admin
+POSTHOOK: type: SHOW_ROLES
+PREHOOK: query: create role r1
+PREHOOK: type: CREATEROLE
+POSTHOOK: query: create role r1
+POSTHOOK: type: CREATEROLE
+PREHOOK: query: grant role r1 to user r1user
+PREHOOK: type: GRANT_ROLE
+POSTHOOK: query: grant role r1 to user r1user
+POSTHOOK: type: GRANT_ROLE
+PREHOOK: query: CREATE TABLE  t1(i int)
+PREHOOK: type: CREATETABLE
+PREHOOK: Output: database:default
+PREHOOK: Output: default@t1
+POSTHOOK: query: CREATE TABLE  t1(i int)
+POSTHOOK: type: CREATETABLE
+POSTHOOK: Output: database:default
+POSTHOOK: Output: default@t1
+PREHOOK: query: -- all privileges should have been set for user
+
+GRANT ALL ON t1 TO ROLE r1 WITH GRANT OPTION
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@t1
+POSTHOOK: query: -- all privileges should have been set for user
+
+GRANT ALL ON t1 TO ROLE r1 WITH GRANT OPTION
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@t1
+PREHOOK: query: -- check if user belong to role r1 can grant privileges to others
+GRANT ALL ON t1 TO USER user3
+PREHOOK: type: GRANT_PRIVILEGE
+PREHOOK: Output: default@t1
+POSTHOOK: query: -- check if user belong to role r1 can grant privileges to others
+GRANT ALL ON t1 TO USER user3
+POSTHOOK: type: GRANT_PRIVILEGE
+POSTHOOK: Output: default@t1
+PREHOOK: query: set role admin
+PREHOOK: type: SHOW_ROLES
+POSTHOOK: query: set role admin
+POSTHOOK: type: SHOW_ROLES
+PREHOOK: query: -- check privileges on table
+show grant on table t1
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: -- check privileges on table
+show grant on table t1
+POSTHOOK: type: SHOW_GRANT
+default	t1			r1	ROLE	DELETE	true	-1	user1
+default	t1			r1	ROLE	INSERT	true	-1	user1
+default	t1			r1	ROLE	SELECT	true	-1	user1
+default	t1			r1	ROLE	UPDATE	true	-1	user1
+default	t1			user1	USER	DELETE	true	-1	hive_admin_user
+default	t1			user1	USER	INSERT	true	-1	hive_admin_user
+default	t1			user1	USER	SELECT	true	-1	hive_admin_user
+default	t1			user1	USER	UPDATE	true	-1	hive_admin_user
+default	t1			user3	USER	DELETE	false	-1	r1user
+default	t1			user3	USER	INSERT	false	-1	r1user
+default	t1			user3	USER	SELECT	false	-1	r1user
+default	t1			user3	USER	UPDATE	false	-1	r1user
+PREHOOK: query: -- check if drop role removes privileges for that role
+drop role r1
+PREHOOK: type: DROPROLE
+POSTHOOK: query: -- check if drop role removes privileges for that role
+drop role r1
+POSTHOOK: type: DROPROLE
+PREHOOK: query: show grant on table t1
+PREHOOK: type: SHOW_GRANT
+POSTHOOK: query: show grant on table t1
+POSTHOOK: type: SHOW_GRANT
+default	t1			user1	USER	DELETE	true	-1	hive_admin_user
+default	t1			user1	USER	INSERT	true	-1	hive_admin_user
+default	t1			user1	USER	SELECT	true	-1	hive_admin_user
+default	t1			user1	USER	UPDATE	true	-1	hive_admin_user
+default	t1			user3	USER	DELETE	false	-1	r1user
+default	t1			user3	USER	INSERT	false	-1	r1user
+default	t1			user3	USER	SELECT	false	-1	r1user
+default	t1			user3	USER	UPDATE	false	-1	r1user